## Security Alert: CVE-2026-31790 Exposes PHP Images on Alpine 3.23
An automated security scan has flagged a medium-severity vulnerability, CVE-2026-31790, as unresolved in a set of official PHP container images. The flaw originates from outdated OpenSSL packages within the Alpine Linux 3.23.3 base layer, leaving multiple production-ready PHP variants exposed.

The vulnerability specifically affects the `ghcr.io/rafalmasiarek/php` Docker images for PHP versions 8.4 and 8.5, across both `cli` and `fpm` variants. The root cause is three core cryptographic packages—`libcrypto3`, `libssl3`, and `openssl`—remaining at version `3.5.5-r0`. The fixed version, `3.5.6-r0`, has not been applied. The affected images are identified by specific SHA256 digests, indicating they are pinned, immutable artifacts that could be deployed in live environments.

Any service built on these container images inherits the outdated OpenSSL components, which could be leveraged for attacks. A known CVE persisting in official images highlights a critical gap in the container supply chain security model: a base image update protects downstream users only once it has propagated to every dependent build. Organizations using these specific PHP images must immediately verify their deployments and rebuild on a patched Alpine base to mitigate the potential security impact.
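
One way to run the verification step described above, as an added example (not code from the image maintainer or the original report): it reads `apk info -v` or `apk list --installed` output captured from a container and flags the three named packages when they are below `3.5.6-r0`. The sample input is constructed, the function names are hypothetical, and the comparator assumes dotted-numeric upstream versions.

```python
import re
import sys

FIXED = "3.5.6-r0"                               # fixed version named in the alert
AFFECTED = ("libcrypto3", "libssl3", "openssl")  # packages named in the alert
PKG_RE = re.compile(r"^(.+)-(\d[^-]*-r\d+)$")    # "<name>-<version>-r<release>"

# Constructed sample of `apk info -v` output (the musl version is made up).
SAMPLE = """\
musl-1.2.5-r21
libcrypto3-3.5.5-r0
libssl3-3.5.5-r0
openssl-3.5.5-r0
"""

def version_key(version):
    """'3.5.6-r0' -> ((3, 5, 6), 0). Assumes a dotted-numeric upstream version."""
    upstream, _, release = version.rpartition("-r")
    return tuple(int(part) for part in upstream.split(".")), int(release)

def audit(apk_output, fixed=FIXED, names=AFFECTED):
    """Map each name to (installed version or None, status); uses each line's first token."""
    installed = {}
    for line in apk_output.splitlines():
        match = PKG_RE.match(line.split()[0]) if line.strip() else None
        if match:
            installed[match.group(1)] = match.group(2)
    report = {}
    for name in names:
        version = installed.get(name)
        if version is None:
            status = "absent"
        else:
            try:
                status = "vulnerable" if version_key(version) < version_key(fixed) else "fixed"
            except ValueError:
                status = "unknown"  # unparsable version: fail closed
        report[name] = (version, status)
    return report

def is_exposed(report):
    return any(status in ("vulnerable", "unknown") for _, status in report.values())

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    report = audit(text)
    for name, (version, status) in report.items():
        print(f"{name:<12} {version or '-':<12} {status}")
    sys.exit(1 if is_exposed(report) else 0)
```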

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: CVE, Container Security, Supply Chain, OpenSSL, PHP
- **Credibility**: unverified
- **Published**: 2026-04-12 08:22:30
- **ID**: 60505
- **URL**: https://whisperx.ai/en/intel/60505